Control Systems Security Program - Transportation · Immediately you realize that without the...
Transcript of Control Systems Security Program - Transportation · Immediately you realize that without the...
![Page 1: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/1.jpg)
Control Systems Security Program - Transportation
DHS CSSPICSJWG Conference – Seattle
October 27, 2010
David Sawin
![Page 2: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/2.jpg)
Cyber Security is a National Issue
• Howard Schmidt appointed White House Cyber Security Coordinator, Dec. 2009
• 2010 Protecting Cyberspace as a National Asset
• PDD63 – Critical Infrastructure
2
Howard SchmidtWhite House Cyber Security Coordinator
![Page 3: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/3.jpg)
18 Critical Infrastructure Sectors
Homeland Security Presidential Directive 7 (HSPD-7) along with the National Infrastructure Protection Plan (NIPP) identified & categorized
U.S. Critical Infrastructure into the following 18 Critical Infrastructure & Key Resources Sectors
1. Agriculture & Food 2. Banking & Finance
3. Chemical 4. Commercial Facilities
5. Dams6. Defense Industrial Base
13. Postal & Shipping 14. Public Health & Healthcare
15. Telecommunications
16. Transportation17. Water
18. Critical Manufacturing*
7. Emergency Services 8. Energy
9. Government Facilities10. Information Technology
11. National Monuments & Icons 12. Nuclear Reactors,
Materials, & Waste
3
![Page 4: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/4.jpg)
Source: Heller, M (2001). Interdependencies of Civil Infrastructure Systems. The Bridge, a publication of the Nation Academy of Engineering. V. $, #31, 2001
![Page 5: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/5.jpg)
The John A. Volpe National Transportation Systems Center
![Page 6: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/6.jpg)
U.S. DOT strategic goals
• Safety/Security
• State of good repair
• Economic competitiveness
• Livable communities
• Environmental sustainability
Photo courtesy of the Volpe Center
6
![Page 7: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/7.jpg)
Volpe Center mission, vision and capabilities
Mission and vision• A world-recognized Federal center
of excellence and leader in transportation
• Trusted enabler of critical improvements to transportation and logistics systems
• Leader in government, industry, and academic cooperation
Unique capabilities
• Institutional knowledge of the global transportation systems
• Awareness of Federal responsibilities, objectives, and activities in the public interest
• Experience with the full spectrum of technologies and disciplines relevant to transportation system improvements
7
![Page 8: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/8.jpg)
Centers of Innovation at the Volpe Center
• Multimodal Systems Research and Analysis
• Safety Management Systems
• Environmental and Energy Systems
• Freight Logistics and Transportation Systems• Physical Infrastructure Systems
• Communication, Navigation, Surveillance and Traffic Management Systems
• Human Factors Research and System Applications
• Advanced Vehicle and Information Network Systems
8
![Page 9: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/9.jpg)
Volpe Center Cyber Security Life Cycle Support
![Page 10: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/10.jpg)
Volpe Center Cyber Security Life Cycle Support
Photo courtesy of the Volpe Center
FAA• National Airspace System (NAS) Vulnerability Assessment for PDD-63• ~ 50 C&A’s and Penetration Testing for the National Airspace System• GPS Vulnerability Assessment• Cyber Security Awareness Training & Workshops• Cyber Security Incident Response Center (CSIRC) • Airborne Network IA Support (Security/Safety R&D studies, RTCA SC-216)• B-787 Security Certification and Cyber Training Support• Aerospace Network Security Simulator• WebCM – C&A, Operational Support, Configuration Management Tools
![Page 11: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/11.jpg)
Volpe Center Cyber Security Life Cycle Support
Photo courtesy of the Volpe Center
USAF/TSWG• Joint USAF/Civil AN R&D Plans for Secure Airborne Networks• AN Workshops (US and UK)• Electronic Flight Bag Security Use Case/Risk Assessment• Commercial Derivative Aircraft Cyber Papers
OTHER• NASA – Airborne Network IA Research Studies • TSA – Transportation Worker Identification Card C&A• Maryland Intelligent Transportation System Cyber Security Assessment• DOT Intelligent Transportation System JPO - Trust Model for Intellidrive
![Page 12: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/12.jpg)
Volpe Center Supporting DHS Control System Security Program in Transportation
• Control system inventory• Threat and vulnerability
assessments• Research and simulation
laboratory• National Cyber Incident
Response Plan• Real-time reporting concepts• Outreach, training and
professional capacity building• Transportation Control System
Security Roadmap• International Collaboration
12
![Page 13: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/13.jpg)
Planned Engagement of Modes
13
Program Planning
Control System Inventory
Assessments
Research & Simulation Lab
NCIRP/Real-time Requirements
Outreach/Training/PCB
Transportation Roadmap/International
2011 - 2015Q3 Q4Q1
S O N D J F M A M J J A S
All Transportation Modes - Rail & Aviation - Highway, Pipeline, Maritime, Non-rail Transit & Intermodal -
![Page 14: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/14.jpg)
Volpe Center Supporting DHS Control System Security Program in Transportation
• Major players– DHS CSSP Joint Working Group, conferences & workshops– DHS TSA Joint Working Group– American Public Transportation Association, Amtrak, Association
of American Railroads, Union Pacific, FTA, FRA– Surface Transportation/Public Transportation ISACS, – FAA, Highway, Pipeline, Maritime– Many others
![Page 15: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/15.jpg)
Transportation Systems Are Becoming Increasingly Dependent on Information Technology
15
![Page 16: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/16.jpg)
14 Year Old Boy Derails Polish Trams with Modified TV Remote
16
Source: Telegraph.co.uk, 11 January 2008
![Page 17: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/17.jpg)
Future Positive Train Control Systems
17
![Page 18: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/18.jpg)
Intelligent Transportation System Vulnerabilities:Variable Message Signs on Highways Hacked
18
Hacking instructions were available on i-hacked.com.
![Page 19: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/19.jpg)
Traffic Management System Vulnerabilities
19
Source: Washington Post, November 5, 2009
Traffic signal computer crash & power failurein Maryland delays thousands.
Disgruntled employee hacked intotraffic control computer in Los Angeles;
shut down signals at key points causing delays for four days in 2006.
Traffic management centers vulnerable to malware and hacking
![Page 20: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/20.jpg)
Cyber-physical Systems in Automobiles Vulnerable
20
Tire sensor hacking kit developed by University of South Carolina and Rutgers U.
Source: MIT Technology Review, August 10, 2010
Key vehicle systems controlled by hackerteams from U. of Washington and UCSD
![Page 21: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/21.jpg)
Future Intelligent Transportation System: Intellidrive
21
Probe Data
E-payment Transactions
Signal Phase and Timing Information
Real Time Network Data
Opportunity for
InnovationV2V Safety Messages
“The Network”
V2V Crash avoidance
![Page 22: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/22.jpg)
Today’s Air Traffic Control System
22
![Page 23: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/23.jpg)
NextGen Air Traffic Control System
23
“NextGen: Security = Safety”
![Page 24: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/24.jpg)
Coordinated Collaboration Among All Stakeholders
• Designers & manufacturers• Equipment suppliers• System integrators• University & government
researchers• Testing organizations• Users • Infrastructure operators• Standards organizations• Regulators
24
Example: Airborne Network Security
![Page 25: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/25.jpg)
• Today’s maritime environment includes automation throughout our nation’s ports– Automated entry systems– Wireless cargo tracking– Driverless cranes and other vehicles
Today’s Automated Maritime Systems
25
![Page 26: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/26.jpg)
Driverless Vehicle• Hamburg Germany. Driverless vehicle moving 40’ container to
automated storage crane.
![Page 27: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/27.jpg)
Crane Accident• Oakland, CA. Dropped cargo container too early. Is this a result of
a Control System failure?
![Page 28: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/28.jpg)
Vessel Balance Accident• Liberia. Vessel storage usually executed by Control System “Bay
Plan”. Several onboard ship systems are Control Systems
![Page 29: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/29.jpg)
Hazardous Cargo• Guam. Water activated cargo. Not all hazardous cargo is coded
correctly resulting in inaccurate manifest
![Page 30: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/30.jpg)
Navigation Malfunction• Oakland, CA. Steering or navigation malfunction.
![Page 31: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/31.jpg)
Dry-dock Malfunction• Dubai. Opened sea gate while workers were under vessel resulting
in 27 deaths and the loss of 2 vessels.
![Page 32: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/32.jpg)
Pipeline Explosions
32
![Page 33: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/33.jpg)
Next Steps = Collaboration
• We would like to communicate and learn from all of you– What’s been done?
– What are the…• Lessons learned and Methodologies
• For Transportation– Control system inventory– Threat, vulnerability and assessments– Research and simulation laboratory– National Cyber Incident Response Plan– Real-time reporting concept– Outreach, Training and Professional Capacity Building– Transportation Roadmap– International Collaboration
33
![Page 34: Control Systems Security Program - Transportation · Immediately you realize that without the industrial control s對ystems supporting these facilities, or more importantly without](https://reader036.fdocuments.in/reader036/viewer/2022070718/5ede2aeead6a402d666977ec/html5/thumbnails/34.jpg)
Contact Information
David SawinProgram Manager, Information Assurance (Control Systems)617 494 [email protected]
Rod CookChief, Intermodal Infrastructure Security and Operations617 494 [email protected]
34